Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Terminal Server profile may be corrupted after password change



Symptoms

Consider the following configuration:

1. A User "Bob" is configured with a roaming profile using the properties of the user account in AD.

2. Bob is also configured with a Remote Desktop Services Profile using the properties of the user account in AD.

3. There is no policy applied to Terminal Servers to delete cached copies of roaming user profiles.

4. Bob's password has expired OR "User must change password at next logon" is set on his account.

5. Bob logs onto a Windows 2008 R2 Terminal Server and is prompted to change his password. He successfully changes his password, does some work and then logs off.

6. The next time Bob logs onto a workstation (not a Terminal Server) his roaming profile appears to be corrupted and has settings from his Terminal Services profile.




Cause

During the logon to the Terminal Server in step 5, the ROAMING profile is loaded by the system for the password change. This is required during the password change so that the DPAPI component can update the user's PKI data, which is stored in the profile.

During the loading of the roaming profile we check whether there is already a local copy of the profile on the server. Since one exists (due to step 3), we do not copy down the roaming profile but load the local copy (which happens to be the Remote Desktop Services profile, since we are on the Terminal Server).
Once the password change is done, the profile is unloaded and copied back to the roaming profile share. Note: because we loaded a local copy of the TS profile, it is now copied back to the roaming share and reconciled with the copy of the roaming profile on the share. Therefore the roaming profile is corrupted.



Resolution

To have us fix the problem for you, go to the "Fix it for me" section. If you prefer to fix the problem yourself, go to the "Let me fix it myself" section.


Fix it for me

To fix the problem automatically, click the Fix it button or link. Then click Run in the File Download dialog box, and follow the steps in the Fix it wizard.



Notes
  • This wizard may be in English only. However, the automatic fix also works for other language versions of Windows.
  • If you are not on the computer that has the problem, save the Fix it solution to a flash drive or a CD and then run it on the computer that has the problem.
  • We would appreciate your feedback. To provide feedback or to report any issues with this solution, please leave a comment on the "Fix it for me" blog or send us an email message.

Let me fix it myself
To resolve this problem, enable the following group policy:

Computer Configuration \ Policies \ Administrative Templates \ System \ User Profiles \ "Delete Cached Copies of Roaming profiles" - Enabled.

Apply this policy to the Terminal Servers.
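
To confirm that the policy has reached a Terminal Server, the following PowerShell check can be run on that server. It is an added example, not part of the original KB article. It assumes the policy is stored as the DWORD value DeleteRoamingCache under HKLM\SOFTWARE\Policies\Microsoft\Windows\System; the function names Get-RoamingCachePolicy and Get-CachedUserProfile are hypothetical.

```powershell
# Added example (not from the KB article). Written to run on PowerShell 2.0,
# which ships with Windows Server 2008 R2.

function Get-RoamingCachePolicy {
    # Assumption: the policy "Delete cached copies of roaming profiles" is
    # stored as DeleteRoamingCache (DWORD, 1 = Enabled) under this key.
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    $item = Get-ItemProperty -Path $key -Name 'DeleteRoamingCache' -ErrorAction SilentlyContinue
    if ($null -eq $item)               { return 'NotConfigured' }
    if ($item.DeleteRoamingCache -eq 1) { return 'Enabled' }
    return 'Disabled'
}

function Get-CachedUserProfile {
    # Win32_UserProfile lists every profile stored locally on this computer.
    # Special profiles (system and service accounts) are skipped.
    Get-WmiObject -Class Win32_UserProfile |
        Where-Object { -not $_.Special } |
        ForEach-Object {
            $p = $_
            $account = $p.SID   # fall back to the SID if it cannot be resolved
            try {
                $sid     = New-Object System.Security.Principal.SecurityIdentifier($p.SID)
                $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
            } catch { }
            $p | Select-Object @{ Name = 'Account'; Expression = { $account } },
                               LocalPath, Loaded, RoamingConfigured, RoamingPath
        }
}

$policy = Get-RoamingCachePolicy
"Delete cached copies of roaming profiles: $policy"

if ($policy -ne 'Enabled') {
    # Without the policy, these local copies stay on the server after logoff
    # and are the ones loaded during a password change at logon.
    'Cached profile copies currently on this server:'
    Get-CachedUserProfile | Format-Table -AutoSize
}
```

If the result is NotConfigured or Disabled after the GPO has been linked, run gpupdate /force on the server and check again.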




More Information

This behavior is by design.



Keywords: kbfixme, kbmsifixme, kb


Article Info
Article ID : 2755940
Revision : 1
Created on : 1/7/2017
Published on : 2/20/2013
Exists online : False
Views : 311